Date: Tue, 28 Oct 1997 10:58:51 +0200 (EET) From: "Pseudo-user collecting FreeBSD mailing lists." <freebsd@vicotec.kiev.ua> To: Michael Ryan <mike@NetworX.ie> Cc: FreeBSD Support <questions@FreeBSD.ORG> Subject: Re: dfilter in iijppp Message-ID: <Pine.BSF.3.95q.971028105406.1777A-100000@ubik.vicotec.kiev.ua> In-Reply-To: <ECS9710271309A@NetworX.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Mon, 27 Oct 1997, Michael Ryan wrote: > Hi Folks, > > I have set up iijppp for dial-on-demand. It's working great. > Now, I want to install dfilter rules to determine what brings > up the link. > > I want -only- http traffic (dst port = 80) to bring up the link. > I'm using Squid as a proxy http cache. > > But, the first thing Squid will do is try to resolve the hostname > into an IP address using DNS. > > Therefore, I would also have to allow DNS traffic to activate the > link, or Squid will fail, saying it can't resolve the hostname. > But, once I do this, then just about every service will cause the > link to come up, e.g. both sendmail and ping will try to resolve > hostnames as well. >From /usr/local/squid/etc/squid.conf: "If you want to disable DNS tests, do not comment out or delete this list. Instead use the -D command line option" It works for me. > > Is there any way in practise to implement intelligent dfilter > rule sets. It seems to me that enabling DNS to activeate the link > (as seems to be required to get Squid to work) will implicitely > allow any service to activate the link... > > > Bye, > Mike > <mike@NetworX.ie> > --- > > > > Regards, Igor.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.971028105406.1777A-100000>